1 files changed, 21 insertions, 3 deletions

diff --git a/config/Config-build.in b/config/Config-build.in
index 37cc3d7e5a..8e12199cbd 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -329,27 +329,45 @@ menu "Global build settings"
 	endchoice
 
 	config TARGET_ROOTFS_SECURITY_LABELS
-		bool "Enable rootfs security labels"
+		bool
 		select KERNEL_SQUASHFS_XATTR
 		select KERNEL_EXT4_FS_SECURITY
 		select KERNEL_F2FS_FS_SECURITY
 		select KERNEL_UBIFS_FS_SECURITY
 		select KERNEL_JFFS2_FS_SECURITY
+
+	config SELINUX
+		bool "Enable SELinux"
+		select KERNEL_SECURITY_SELINUX
+		select TARGET_ROOTFS_SECURITY_LABELS
+		select PACKAGE_procd-selinux
+		select PACKAGE_busybox-selinux
 		help
-		  This option enables the usage of SELinux labels
+		  This option enables SELinux kernel features, applies security labels
+		  in squashfs rootfs and selects the selinux-variants of busybox and procd.
+
+		  Selecting this option results in about 0.5MiB of additional flash space
+		  usage accounting for increased kernel and rootfs size.
 
 	choice
 		prompt "default SELinux type"
 		depends on TARGET_ROOTFS_SECURITY_LABELS
 		default SELINUXTYPE_dssp
 		help
-		  Choose SELinux policy to be used for build.
+		  Select SELinux policy to be installed and used for applying rootfs labels.
+
 		config SELINUXTYPE_targeted
 			bool "targeted"
 			select PACKAGE_refpolicy
+			help
+			  SELinux Reference Policy (refpolicy)
+
 		config SELINUXTYPE_dssp
 			bool "dssp"
 			select PACKAGE_selinux-policy
+			help
+			  Defensec SELinux Security Policy -- OpenWrt edition
+
 	endchoice
 
 endmenu